Cybersecurity firm Kaspersky has uncovered the activities of hackers behind 65,000 attacks via Windows’ Print Spooler applications.
The attacks occurred between July 2021 and April 2022. It is also noteworthy that almost half (31,000) of the attacks took place in the fourth quarter of 2022.
While the attackers target users around the world, almost a quarter of the hits detected came from Italy. Other active targets were found in Turkey and South Korea. Countries with the highest number of targets in the last four months included Austria, France and Slovenia.
Print Spooler is used to manage the printing process, but attackers have exploited its vulnerabilities. The exploits include CVE-2021-1675 and CVE-2021-34527 also known as PrintNightmare.
Microsoft has issued a patch to stop attacks from PrintNightmare exploits, but organizations have fallen victim to the attack because they were unable to download and implement the patch in time.
Organizations should take several steps to protect themselves from these attacks, including installing patches for new vulnerabilities as quickly as possible and conducting a regular security review of the company’s IT infrastructure.
Others include deploying an endpoint and mall server protection solution with anti-phishing capabilities, using specialized services, and installing anti-APT and EDR solutions that enable threat discovery and detection.